//package com.example.demo;
//
///*
// * Licensed to the Apache Software Foundation (ASF) under one
// * or more contributor license agreements.  See the NOTICE file
// * distributed with this work for additional information
// * regarding copyright ownership.  The ASF licenses this file
// * to you under the Apache License, Version 2.0 (the
// * "License"); you may not use this file except in compliance
// * with the License.  You may obtain a copy of the License at
// *
// *     http://www.apache.org/licenses/LICENSE-2.0
// *
// * Unless required by applicable law or agreed to in writing,
// * software distributed under the License is distributed on an
// * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// * KIND, either express or implied.  See the License for the
// * specific language governing permissions and limitations
// * under the License.
// */
//
//import org.apache.shiro.SecurityUtils;
//import org.apache.shiro.authc.*;
//import org.apache.shiro.config.IniSecurityManagerFactory;
//import org.apache.shiro.mgt.SecurityManager;
//import org.apache.shiro.session.Session;
//import org.apache.shiro.subject.Subject;
//import org.apache.shiro.util.Factory;
//import org.slf4j.Logger;
//import org.slf4j.LoggerFactory;
//
//
///** 
// * Simple Quickstart application showing how to use Shiro's API.
// *
// * @since 0.9 RC2
// */
//public class Quickstart {
//
//    private static final transient Logger log = LoggerFactory.getLogger(Quickstart.class);
//
//
//    public static void main(String[] args) {
//
//        // The easiest way to create a Shiro SecurityManager with configured
//        // realms, users, roles and permissions is to use the simple INI config.
//        // We'll do that by using a factory that can inges t a .ini file and
//        // return a SecurityManager instance:
//
//        // Use the shiro.ini file at the root of the classpath
//        // (file: and url: prefixes load from files and urls respectively):
//        Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
//        SecurityManager securityManager = factory.getInstance();
//
//        // for this simple example quickstart, make the SecurityManager
//        // accessible as a JVM singleton.  Most applications wouldn't do this
//        // and instead rely on their container configuration or web.xml for
//        // webapps.  That is outside the scope of this simple quickstart, so
//        // we'll just do the bare minimum so you can continue to get a feel
//        // for things.
//        SecurityUtils.setSecurityManager(securityManager);
//
//        // Now that a simple Shiro environment is set up, let's see what you can do:
//
//
//        // 获取当前的用户对象 Subject
//        Subject currentUser = SecurityUtils.getSubject();
//
//   
//        // 通过当前用户拿到Session
//        Session session = currentUser.getSession();
//        session.setAttribute("someKey", "aValue");
//        String value = (String) session.getAttribute("someKey");
//        if (value.equals("aValue")) {
//            log.info("Subject中session的key为somkey的值 [" + value + "]");
//        }
//
//        // 判断当前的用户是否被认证
//        if (!currentUser.isAuthenticated()) {
//        	
//        	//Token : 令牌，没有获取。随机
//            UsernamePasswordToken token = new UsernamePasswordToken("lonestarr", "vespa");
//            token.setRememberMe(true); //设置记住我
//            
//            try {
//                currentUser.login(token); //执行登录操作~
//            } catch (UnknownAccountException uae) { //用户名不对
//                log.info("There is no user with username of " + token.getPrincipal());
//            } catch (IncorrectCredentialsException ice) { //密码不对
//                log.info("Password for account " + token.getPrincipal() + " was incorrect!");
//            } catch (LockedAccountException lae) { //账户被锁
//                log.info("The account for username " + token.getPrincipal() + " is locked.  " +
//                        "Please contact your administrator to unlock it.");
//            }
//            // ... catch more exceptions here (maybe custom ones specific to your application?
//            catch (AuthenticationException ae) {
//                //unexpected condition?  error?
//            }
//        }
//
//        //say who they are:
//        //print their identifying principal (in this case, a username):
//        log.info("User [" + currentUser.getPrincipal() + "] logged in successfully.");
//
//        //test a role:
//        if (currentUser.hasRole("schwartz")) {
//            log.info("May the Schwartz be with you!");
//        } else {
//            log.info("Hello, mere mortal.");
//        }
//
//        //test a typed permission (not instance-level)
//        if (currentUser.isPermitted("lightsaber:wield")) {
//            log.info("You may use a lightsaber ring.  Use it wisely.");
//        } else {
//            log.info("Sorry, lightsaber rings are for schwartz masters only.");
//        }
//
//        //a (very powerful) Instance Level permission:
//        if (currentUser.isPermitted("winnebago:drive:eagle5")) {
//            log.info("You are permitted to 'drive' the winnebago with license plate (id) 'eagle5'.  " +
//                    "Here are the keys - have fun!");
//        } else {
//            log.info("Sorry, you aren't allowed to drive the 'eagle5' winnebago!");
//        }
//
//        //注销
//        currentUser.logout();
//        
//        //结束！
//        System.exit(0);
//    }
//}